H3xoR Posted January 17, 2012 Report Posted January 17, 2012 (edited) Gaseste algoritmul pentru urmatorul keygen.EDITED( link updated )DownloadHint: 1) Pozitia in sir "conteaza".Astept rezolvari Solvers: 1)alkimistu 2)SilviuSDSAici aveti codul sursa pentru "keylogger-ul" cu "virusi" #NoTrayIcon#include <GUIConstants.au3>$main = GUICreate( "Keygen", 264, 152, 192, 124 )$name = GUICtrlCreateLabel( "Name: ", 13, 21, 38, 17 )$key = GUICtrlCreateLabel( "Key: ", 13, 69, 28, 17 )$input = GUICtrlCreateInput( "", 53, 19, 193, 21 )$output = GUICtrlCreateInput( "", 53, 67, 193, 21 )$generate = GUICtrlCreateButton( "Generate", 93, 107, 75, 25 )GUISetState( )While True $action = GUIGetMsg( ) If $action = $GUI_EVENT_CLOSE Then Exit EndIf If $action = $generate Then $data = GUICtrlRead( $input ) $data = StringToASCIIArray( $data ) $newdata = "" For $i = 0 To UBound( $data ) - 1 $newdata = $newdata & $data[$i] * $i Next GUICtrlSetData( $output, $newdata ) EndIf Sleep( 1 )WEnd Edited January 19, 2012 by H3xoR 1 Quote
SilviuSDS Posted January 17, 2012 Report Posted January 17, 2012 (edited) Nu am incredere sa rulez ceva de la tine pentru ca ai rep 0, post 12, topic foarte low q. Daca cineva garanteaza ma bag atunci.UPDATE: http://goo.gl/X3mBzCred ca e de ajuns. Du-te si te sinucide boule cu tot cu keylogger-ul tau, degeaba l-ai criptat.Datii o vacanta de pe forum lu' asta sa se racoreascaUPDATE 2: Se pare ca virustotal au o problema ceva si temporar link-ul de mai sus nu merge asa ca . . .:SHA256: 6efe8c69da217cd7df44346507ae2db886b2afc5c4dad5b5ef0641751764e65cSHA1: d2450cd5c97d09695c8a3669d332e65df2f56042MD5: d03e2e5d9b21f17b850aaf8413d8d17cFile size: 435.0 KB ( 445406 bytes )File type: Win32 EXEDetection ratio: 3 / 43Analysis date: 2012-01-17 13:14:18 UTC ( 4 minutes ago ) AhnLab-V3 - 20120116AntiVir - 20120117Antiy-AVL - 20120117Avast - 20120117AVG - 20120117BitDefender - 20120117ByteHero - 20120116CAT-QuickHeal - 20120117ClamAV - 20120117Commtouch - 20120117Comodo - 20120117DrWeb - 20120117Emsisoft Trojan-PWS.Keylogger!IK 20120117eSafe - 20120115eTrust-Vet - 20120117F-Prot - 20120116F-Secure - 20120117Fortinet - 20120117GData - 20120117Ikarus Trojan-PWS.Keylogger 20120117Jiangmin - 20120116K7AntiVirus - 20120113Kaspersky - 20120117McAfee - 20120117McAfee-GW-Edition - 20120117Microsoft - 20120117NOD32 Win32/Packed.Autoit.H 20120117Norman - 20120117nProtect - 20120117Panda - 20120116PCTools - 20120117Prevx - 20120117Rising - 20120116Sophos - 20120117SUPERAntiSpyware - 20120114Symantec - 20120117TheHacker - 20120116TrendMicro - 20120117TrendMicro-HouseCall - 20120117VBA32 - 20120117VIPRE - 20120117ViRobot - 20120117VirusBuster - 20120116 Edited January 17, 2012 by SilviuSDS virus scan Quote
alkimistu Posted January 17, 2012 Report Posted January 17, 2012 Si la mine l-a detectat nod32 ca trojan. Urat din partea ta. Quote
Flubber Posted January 17, 2012 Report Posted January 17, 2012 NoVirusThanks:File InfoReport date: 2012-01-17 14:54:10 (GMT 1)File name: keygen-exeFile size: 445406 bytesMD5 Hash: d03e2e5d9b21f17b850aaf8413d8d17cSHA1 Hash: d2450cd5c97d09695c8a3669d332e65df2f56042Detection rate: 2 on 9 (22%) Status: INFECTED DetectionsAvast - AVG - Avira AntiVir - ClamAV - Comodo - Emsisoft - Trojan-PWS.Keylogger!IKF-Prot - Ikarus - Trojan-PWS.KeyloggerTrendMicro - Scan report generated byNoVirusThanks.orgVirusTotal (reanalizare):https://www.virustotal.com/file/6efe8c69da217cd7df44346507ae2db886b2afc5c4dad5b5ef0641751764e65c/analysis/1326808811/Anubis ISECLAB (interactiune cu mediul - analiza):http://anubis.iseclab.org/?action=result&task_id=1a51e7a5616b4aab499798880fc102b81Sa-l arunce cineva in RDG Packet Detector (intr-o masina virtuala evident) si alte detectoare de packere si sa posteze ce packer a folosit (daca e semnatura stiuta), sunt chiar curios!P.S. Rezultatele pot fi de tipul fals-pozitiv, depinde ce cod a scris si in ce l-a scris. Quote
H3xoR Posted January 17, 2012 Author Report Posted January 17, 2012 1) De ce ma criticati cat timp nu aveti o dovada clara?2) Acest "Keygen" este scris in AutoIT. Nu este virusat, garantez 100%. Quote
wildchild Posted January 17, 2012 Report Posted January 17, 2012 Si ce functii ai inclus in el daca reuseste sa faca trigging la AV? Quote
H3xoR Posted January 17, 2012 Author Report Posted January 17, 2012 Tocmai asta e problema. Cu ce garantezi? Ai 13 posturi, e?ti înregistrat de 2 luni... Nu ai cu ce sa garantezi.Pai cat timp nu imi acorzi putina incredere, imi este imposibil... daca stau si analizez postul tau, rezultatul este urmatorul: orice membru nou nu este bine venit.... Quote
alkimistu Posted January 17, 2012 Report Posted January 17, 2012 Pai cat timp nu imi acorzi putina incredere, imi este imposibil... daca stau si analizez postul tau, rezultatul este urmatorul: orice membru nou nu este bine venit....Prietene, si eu sunt nou venit dupa numarul de posturi dar nimeni nu se ia de mine. Asta deoarece nu incerc sa postez diferite programele ciudate pe aici. Nimeni nu e atat de prost incat sa incerce sa il pacaleasca pe Pacala:) Quote
H3xoR Posted January 17, 2012 Author Report Posted January 17, 2012 Am descoperit unde era problema.. cand am compilat, era bifata optiunea "Use UPX"... se pare ca de aici si acele "alarme" false.Noul download link HereScan VirusTotal: HereScan Anubis: HereSper ca nu mai exista alte suspiciuni... Quote
aphex Posted January 17, 2012 Report Posted January 17, 2012 @H3xoR nu te mai omori frate ca aici sunt multi "experti" in securitate carora le e frica sa ruleze un executabil Quote
SilviuSDS Posted January 18, 2012 Report Posted January 18, 2012 (edited) Si aici aveti scanarile facute de mine atat pentru arhiva cat si pentru executabil:EXE: http://goo.gl/SJBEMZIP: http://goo.gl/Riel7Result: Win32:Rootkit-gen [Rtk]O sa-l rulez in VM Virtual Box pe un XP sa vedem ce stie sa faca.UPDATE: L-am rulat in VM habar nu am daca a facut ceva rau sau nu, nici nu-mi pasa prea mult, l-am rulat ca sa-i aflu algoritmul si sa terminam odata cu bataia asta de cap.Simplu, key-ul este generat luand fiecare litera din string, facem dec din ea, o inmultim cu pozitia in sir si o concatenam la key-ul generat. Edited January 18, 2012 by SilviuSDS rezolvare Quote
H3xoR Posted January 18, 2012 Author Report Posted January 18, 2012 Bine, ai gasit algoritmul.. acum, presupun ca-ti dai seama ca nu a fost un keyloger sau vre-un virus.. Quote
UnuRo Posted October 2, 2012 Report Posted October 2, 2012 Un StringFromASCIIArray rezolva tot, in loc de "- 1", setezi "+ 1" si in loc de "* $i" setezi "/ $i2".Acelasi principiu !Greu, nu?Dar daca ai un random la in loc de "* $i" si nu mai inmulteste numarul cronologic, ce faci ? Quote
hackerika Posted October 7, 2012 Report Posted October 7, 2012 La ce reinvii un topic de aproape un an?Ai dat peste regulament ?N-o sa stai tu mult pe aici. Quote
